At least one user of Notepad++
December 12, 2025
•[ vulnerability, supply chain attack, software update attack ]
PCGuia reported that a critical vulnerability in Notepad++’s automatic update mechanism was actively exploited, allowing attackers to intercept update traffic and distribute compromised/malicious versions of the software to users of versions prior to 8.8.9. The article states developers urged users to avoid the built-in updater and instead manually download the installer from the official site or trusted repositories. It also cites reporting that several organizations suffered serious breaches shortly after updating, and notes that the mitigations in version 8.8.9 included forcing the update URL to GitHub and improvements related to certificate/signature verification. The specific attacker identity, the full list of affected downstream organizations, and whether any sensitive data was exfiltrated from victims are not detailed in the article.
Trumbull County Recorder’s Office
November 14, 2025
•[ ransomware, data leak, supply chain attack ]
Trumbull County, Ohio reported that a ransomware attack on its third-party vendor C Systems Software led to a security breach affecting systems used for real-estate recordings and property records. County officials said they were alerted around November 14, 2025, and, with help from Ohio Homeland Security and external cybersecurity firm GuidePoint, determined that the same cybercriminals behind the vendor breach had attempted to exploit the county network. While they reported no evidence of successful intrusion into county systems, offices had to fall back on manual processing and suspend some online services for about ten days. The incident is believed to have exposed resident data held by the vendor and has prompted additional security and monitoring measures.
Salesforce customers via Gainsight-published applications
November 8, 2025
•[ data leak, supply chain attack, API abuse ]
A large-scale supply-chain campaign abused OAuth tokens linked to Gainsight-published applications integrated with Salesforce, enabling unauthorized API calls that accessed certain customers’ Salesforce data; according to Salesforce and multiple security advisories, suspicious activity began around November 8, 2025, and may have affected more than 200 Salesforce instances before tokens were revoked and the apps were pulled from the AppExchange.
Xubuntu
October 18, 2025
•[ malware, data theft, supply chain attack ]
Pplware reports the official Xubuntu site was briefly compromised; the torrent download link served a ZIP with a Windows EXE that stole sensitive data (e.g., crypto addresses). Xubuntu removed the page and accelerated infra migration; ISO mirrors were unaffected. Financially motivated malware delivery via a trusted brand.
Memphis-Shelby County Schools (MSCS)
October 8, 2025
•[ supply chain attack, service disruption ]
Vendor messaging platform breach caused districtwide outage; data impact not indicated.
London North Eastern Railway
October 8, 2025
•[ data leak, supply chain attack ]
Media report warns LNER customers after supplier breach exposed contact and journey data
Pornhub
August 11, 2025
•[ extortion, phishing, data leak ]
Cybercriminal group ShinyHunters claimed theft of a 94GB dataset containing about 201 million records tied to Pornhub Premium user activity and launched an extortion campaign demanding payment in Bitcoin. Reporting linked the compromise to third-party analytics provider Mixpanel, where access allegedly began on November 8, 2025 after a smishing attack harvested employee login credentials. Samples reviewed by journalists reportedly included email addresses, approximate location (city/country), video titles and URLs, search keywords, and timestamps for watches/downloads. Pornhub stated its internal systems were not directly hacked and that sensitive items such as passwords and credit card details remained secure, while Mixpanel later suggested some access may have involved a legitimate employee account associated with Pornhub’s parent company, Aylo.
Undisclosed gaming mouse manufacturer (download site)
July 29, 2025
•[ malware, supply chain attack ]
PCWorld reports a gaming mouse vendor’s download page hosted malware for weeks, infecting users who downloaded driver/software packages.
Toptal
July 20, 2025
•[ data leak, source code leak, supply chain attack ]
73 repositories made available, exposing private projects and source code. Attackers hijacked Toptal’s GitHub organization and published 10 malicious npm packages before takedown. Later updates indicated minimal impact to external users.
Glasgow City Council
June 19, 2025
•[ data leak, government, supply chain attack ]
Glasgow City Council detected malicious activity on servers managed by supplier CGI on 19 June 2025; online payment and school-absence systems were taken offline; possible theft of customer data under investigation; no financial systems affected.
Rosselkhoznadzor – Mercury (VetIS) platform
June 1, 2025
•[ service disruption, supply chain attack, government ]
Cyberattack took Russia’s Mercury (VetIS) animal-product certification platform offline, forcing paper certificates and disrupting dairy supply chains; major retailers (e.g., Lenta, Yandex Lavka, Miratorg) reported interruptions; restoration ongoing; no attribution.
Les Automotive
March 17, 2025
•[ supply chain attack, malware ]
Supply-chain compromise at vendor led dealership sites to serve malicious clickfix.
Tj-Actions
March 14, 2025
•[ data leak, supply chain attack, credential exposure ]
A popular GitHub Action called tj-actions/changed-files was compromised: an attacker modified its code and version tags so that when used in CI/CD workflows it executed a script that dumped runner memory and exposed secrets (AWS keys, GitHub PATs, npm tokens, private RSA keys) in publicly accessible logs. The incident, tracked as CVE-2025-30066 (and linked to CVE-2025-30154 for a related Action), affected thousands of repositories across many organizations. Users are advised to stop using the impacted versions, rotate all credentials, and review any workflows that ran between March 14-15, 2025.
The House of Dior
January 26, 2025
•[ data leak, personally identifiable information, supply chain attack ]
Dior disclosed that a database was accessed on Jan 26, 2025 exposing data that includes names, contact details, address, DOB, and in some cases passport/ID or SSN. Believed to be related to broader LVMH/ShinyHunters vendor breach cluster.
Union Health System
January 22, 2025
•[ data leak, supply chain attack ]
Union Health reported that an unknown party accessed Oracle Health/Cerner’s data migration environment sometime after January 22, 2025; Union Health systems weren’t breached but patient data held by the vendor was exposed; notifications issued in May 2025.
LG Energy Solution
January 11, 2025
•[ ransomware, data leak, supply chain attack ]
LG Energy Solution confirmed that an overseas facility was hit by a ransomware incident in November 2025, which briefly affected operations before systems were restored. The Akira ransomware group listed LG on its leak site, claiming to have stolen around 1.7 TB of data, including corporate documents and an employee database with personal information. LG stated that the incident was contained to the single facility and that production had resumed, while it continued to investigate the scope of the data theft. The case underscores the risk to global manufacturing supply chains from targeted ransomware operations.
SmartTube
January 11, 2025
•[ malware, supply chain attack, data leak ]
Reporting indicates SmartTube’s build/signing environment was compromised, allowing attackers to distribute officially signed builds containing malware (notably in versions identified in coverage). The malware was described as collecting device and app telemetry including IP addresses, and the project took affected builds offline while issuing a newly signed clean version. The incident reflects a supply-chain style compromise with malicious code distributed to users, with no confirmed account credential capture in the cited reporting.
Merck Sharp & Dohme LLC
December 19, 2024
•[ data leak, supply chain attack ]
Merck stated it was informed that its data was found within files impacted by a security incident at vendor Graebel Companies, Inc. After internal review, Merck determined certain current and former employees’ personal information was included in the impacted data and began notifying affected individuals. Reported potentially impacted elements included names and financial account information. The underlying vendor incident involved unauthorized access to or taking of certain files from the vendor’s network during a defined window in December 2024, with subsequent file review and customer notifications occurring later.
Hertz Global Holdings
December 1, 2024
•[ data leak, supply chain attack, vulnerability exploit ]
Hertz confirmed that customer personal data was stolen through exploitation of zero-day vulnerabilities in its vendor Cleo Communications’ managed file transfer platform between October and December 2024. The company completed analysis on April 2, 2025 and disclosed the breach publicly on April 10, 2025. The compromised data included names, contact information, driver’s license numbers, and limited payment and identification information. No encryption or operational disruption was reported.